Effective Date: January 17, 2026

1. Introduction

This policy outlines how Protocol Asia Pte Ltd, trading as Protocol SG ("we", "us", or "our"), manages personal data in compliance with Singapore’s Personal Data Protection Act 2012 ("PDPA"). We respect your privacy and are committed to protecting your data.

By using our website or services, you consent to the practices described in this policy.

2. Data We Collect

We collect personal data necessary to provide our services:

Information you provide: Name, email address, phone number, job title, company details, and billing information when you register, request demos, or contact support.

Automated information: Technical data such as IP address, browser type, and cookies collected when you navigate our website to improve user experience and security.

3. Client Data (Our Role as Intermediary)

Our platform allows clients to input personal data regarding their own customers ("Client Data"). In these instances, you act as the Data Controller, and Protocol acts as a Data Intermediary. You warrant that you have obtained all necessary consents from individuals before uploading their data into Protocol. We process Client Data strictly according to your instructions to provide the service.

4. How We Use Data

We use personal data solely for the following purposes:

To provide, operate, and maintain the Protocol platform.

To process payments and manage your account.

To provide customer support and respond to inquiries.

To send administrative and technical notices.

With your consent, to send marketing communications (you may opt-out at any time).

5. Disclosure and International Transfers

We do not sell your personal data. We only disclose data to trusted third parties essential to our operations, such as payment processors and telecommunication partners (e.g., for WhatsApp/SMS integration).

To provide a robust and secure SaaS service, our technical infrastructure is hosted by leading enterprise-grade cloud providers located in the United States. By using our service, you consent to this transfer. We ensure these providers adhere to internationally recognized security standards (such as ISO 27001 or equivalent frameworks) to ensure a standard of protection comparable to the PDPA.

6. Security and Retention

We implement industry-standard technical and organizational measures to protect data from unauthorized access. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law.

7. Your Rights and Contact

Under the PDPA, you have the right to request access to, correct, or withdraw consent for the continued use of your personal data.

To exercise these rights or for any privacy inquiries, please contact our Data Protection Officer (DPO):